<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Admin</title>
<link href="loginmodule.css" rel="stylesheet" type="text/css" />
</head>
<body>
<?php
include_once ("common.php");
printHeader();
?>

<form name=form method=post action="feedback.php" >
<table align="right">
<tr>
    <td><input type=text name=moviefeedback size="12"><input type=submit value="search movie"></td>
</tr> 
</table>
</form>

</body>
</html>
<?php
require_once ('config.php');

$con = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if (!$con) {
	die('Could not connect: ' . mysql_error());
}
mysql_select_db(DB_DATABASE, $con);

# check to see if movie exists
if (mysql_num_rows(mysql_query("SELECT * FROM movielist where name = '$_POST[moviename]'")) > 0) {
	die('Error: movie already exists!');
}

// This is a simple file uploader. We do some basic error checking and
// add some arbitrary restrictions, just for the sake of exercise.

// This is our upload directory, relative to our CWD
$upload_dir = "images/movies/";

// Make sure we only process known images and restrict the size to something
// reasonable, say 10MB.
if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/png") || ($_FILES["file"]["type"] == "image/pjpeg")) && ($_FILES["file"]["size"] < 10000000)) {

	// Make sure there are no errors
	if ($_FILES["file"]["error"] > 0) {
		echo "Error Code: " . $_FILES["file"]["error"] . "<br />";
	} else {
		$temp_fname = $_FILES["file"]["tmp_name"];
		$real_fname = $_FILES["file"]["name"];
		echo "Upload: " . $real_fname . "<br />";
		echo "Type: " . $_FILES["file"]["type"] . "<br />";
		echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
		echo "Temp file: " . $temp_fname . "<br />";

		// Create a file name that doesn't exist. Keep the original filename
		// as prefix.
		$split = preg_split("/\./", $real_fname);
		$ext = $split[sizeof($split) - 1];
		echo "<br>";
		$fname = $upload_dir . "_" . rand() . "_" . $real_fname;

		move_uploaded_file($temp_fname, $fname);

		// Set permissions correctly
		chmod($fname, 0644);
		echo "Successfully saved as: " . $fname;
	}
} else {
	echo "Invalid file";
}
echo "<br><br>";

$sql = "INSERT INTO movielist (ID, name, picture_path, rating, synopsis) VALUES (0, '$_POST[moviename]', '$fname', '$_POST[Mrating]', '$_POST[synopsis]')";

#'$_POST[totaltickets]'

if (!mysql_query($sql, $con)) {
	die('Error: ' . mysql_error());
}

$result = mysql_query("select LAST_INSERT_ID() as last", $con);
$last = -1;
while ($row = mysql_fetch_array($result)) {
	$last = intval($row[0]);
	break;
}

# now insert the number of tickets
$times = array (
	"time1" => "totaltix1",
	"time2" => "totaltix2",
	"time3" => "totaltix3",
	"time4" => "totaltix4"
);
foreach ($times as $time => $totaltix) {
	if ($_POST[$time]) {
		if (!$_POST[$totaltix]) {
			die("Need to specify a number of tix!");
		}
		$sql = "INSERT INTO showtimes (movieID, showtime, available_tickets) VALUES ($last, '$_POST[$time]', $_POST[$totaltix])";
		if (!mysql_query($sql, $con)) {
			die("Error: could not add movie with SQL '$sql'");
		}
	}
}
echo "You added a new movie to the current playing <a href='movielist.php'>movie list</a>.";

mysql_close($con)
//echo "value is".$_POST['moviename'].$_POST['Mrating'];
?>
